3 matches found
CVE-2017-18014
An NC-25986 issue was discovered in the Logging subsystem of Sophos XG Firewall with SFOS before 17.0.3 MR3. An unauthenticated user can trigger a persistent XSS vulnerability found in the WAF log page Control Center - Log Viewer - in the filter option "Web Server Protection" in the webadmin...
CVE-2017-18014
Summary: CVE-2017-18014 affects Sophos XG Firewall with SFOS before 17.0.3 MR3. The vulnerability is a persistent XSS in the WAF log page (Control Center → Log Viewer → filter “Web Server Protection”) that is triggered by the HTTP POST User-Agent parameter. It is exploitable by an unauthenticated...
Sophos XG from Unauthenticated Persistent XSS to Unauthorized Root Access (CVE-2017-18014)
Vulnerability Summary: The following advisory describes an unauthenticated persistent XSS that leads to unauthorized root access found in Sophos XG version 17. Sophos XG Firewall “provides unprecedented visibility into your network, users, and applications directly from the all-new control center...